<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Upgrade iRedMail from 1.7.1 to 1.7.2</title>
        <link rel="stylesheet" type="text/css" href="./css/markdown.css" />
    </head>
    <body>

    <div id="navigation">
    <a href="https://www.iredmail.org" target="_blank">
        <img alt="iRedMail web site"
             src="./images/logo-iredmail.png"
             style="vertical-align: middle; height: 30px;"
             />&nbsp;
        <span>iRedMail</span>
    </a>
    &nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="upgrade-iredmail-from-171-to-172">Upgrade iRedMail from 1.7.1 to 1.7.2</h1>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Check out the on-premises, lightweight email archiving software developed by iRedMail team: <a href="https://spiderd.io/">Spider Email Archiver</a>.</p>
</div>
<div class="toc">
<ul>
<li><a href="#upgrade-iredmail-from-171-to-172">Upgrade iRedMail from 1.7.1 to 1.7.2</a><ul>
<li><a href="#changelog">ChangeLog</a></li>
<li><a href="#general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</a><ul>
<li><a href="#update-etciredmail-release-with-new-iredmail-version-number">Update /etc/iredmail-release with new iRedMail version number</a></li>
<li><a href="#upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-581">Upgrade iRedAPD (Postfix policy server) to the latest stable release (5.8.1)</a></li>
<li><a href="#upgrade-mlmmjadmin-to-the-latest-stable-release-330">Upgrade mlmmjadmin to the latest stable release (3.3.0)</a></li>
<li><a href="#upgrade-roundcube-webmail-to-the-latest-stable-release-169-or-159">Upgrade Roundcube webmail to the latest stable release (1.6.9 or 1.5.9)</a></li>
<li><a href="#upgrade-netdata-to-the-latest-stable-release-v211">Upgrade netdata to the latest stable release (v2.1.1)</a></li>
<li><a href="#fixed-incorrect-sql-column-name-in-fail2ban-script">Fixed: incorrect sql column name in Fail2ban script</a></li>
<li><a href="#fixed-not-serve-acme-challenge-over-http-directly">Fixed: Not serve ACME challenge over HTTP directly</a></li>
</ul>
</li>
<li><a href="#for-openldap-backend">For OpenLDAP backend</a><ul>
<li><a href="#update-ldap-schema-file">Update LDAP schema file</a></li>
<li><a href="#fixed-incorrect-sql-table-name-in-sogo-config-file">Fixed: incorrect sql table name in SOGo config file</a></li>
</ul>
</li>
<li><a href="#for-mariadb-backend">For MariaDB backend</a><ul>
<li><a href="#fixed-not-detect-domain-status-while-querying-per-domain-bcc">Fixed: Not detect domain status while querying per-domain BCC</a></li>
<li><a href="#fixed-incorrect-sql-table-name-in-sogo-config-file_1">Fixed: incorrect sql table name in SOGo config file</a></li>
</ul>
</li>
<li><a href="#for-postgresql-backend">For PostgreSQL backend</a><ul>
<li><a href="#fixed-not-detect-domain-status-while-querying-per-domain-bcc_1">Fixed: Not detect domain status while querying per-domain BCC</a></li>
<li><a href="#fixed-incorrect-sql-table-name-in-sogo-config-file_2">Fixed: incorrect sql table name in SOGo config file</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="admonition note">
<p class="admonition-title">Remote Upgrade Assistance</p>
<p>Check out our <a href="https://www.iredmail.org/support.html">remote upgrade support</a> if you need assistance.</p>
</div>
<h2 id="changelog">ChangeLog</h2>
<ul>
<li>Jan 26, 2025: Mention updating <code>/etc/letsencrypt/renewal/*.conf</code>.</li>
<li>Jan 24, 2025: initial publish.</li>
</ul>
<h2 id="general-all-backends-should-apply-these-changes">General (All backends should apply these changes)</h2>
<h3 id="update-etciredmail-release-with-new-iredmail-version-number">Update <code>/etc/iredmail-release</code> with new iRedMail version number</h3>
<p>iRedMail stores the release version in <code>/etc/iredmail-release</code> after
installation, it's recommended to update this file after you upgraded iRedMail,
so that you can know which version of iRedMail you're running. For example:</p>
<pre><code>1.7.2
</code></pre>
<h3 id="upgrade-iredapd-postfix-policy-server-to-the-latest-stable-release-581">Upgrade iRedAPD (Postfix policy server) to the latest stable release (5.8.1)</h3>
<p>Please follow below tutorial to upgrade iRedAPD to the latest stable release:
<a href="./upgrade.iredapd.html">Upgrade iRedAPD to the latest stable release</a></p>
<h3 id="upgrade-mlmmjadmin-to-the-latest-stable-release-330">Upgrade mlmmjadmin to the latest stable release (3.3.0)</h3>
<p>Please follow below tutorial to upgrade mlmmjadmin to the latest stable release:
<a href="./upgrade.mlmmjadmin.html">Upgrade mlmmjadmin to the latest stable release</a></p>
<h3 id="upgrade-roundcube-webmail-to-the-latest-stable-release-169-or-159">Upgrade Roundcube webmail to the latest stable release (1.6.9 or 1.5.9)</h3>
<div class="admonition warning">
<p class="admonition-title">CentOS 7: please stick to Roundcube 1.5.2</p>
<p><strong>It's time to leave your comfort zone and upgrade this server to at least
CentOS Stream 8 or <a href="https://docs.rockylinux.org/guides/migrate2rocky/">Rocky Linux 8</a>.</strong></p>
<p>If you're running CentOS 7, please upgrade to Roundcube 1.5.2 instead.
Roundcube 1.5.3 requires PHP-7, but CentOS 7 ships PHP-5.4 which is not
supported by Roundcube 1.5.3 and later releases, including 1.6.x.</p>
<p><strong>Unfortunately, Roundcube 1.5.2 does NOT contains multiple security fixes
which shipped in Roundcube 1.5.6 and 1.6.5.</strong></p>
</div>
<div class="admonition warning">
<p class="admonition-title">Ubuntu 18.04: please stick to Roundcube 1.5.9</p>
<p>Ubuntu 18.04 runs old php version which is not supported by Roundcube 1.6.</p>
</div>
<ul>
<li><a href="https://github.com/roundcube/roundcubemail/wiki/Upgrade">Upgrade Roundcube</a>.</li>
</ul>
<h3 id="upgrade-netdata-to-the-latest-stable-release-v211">Upgrade netdata to the latest stable release (v2.1.1)</h3>
<p>If you have netdata installed, you can upgrade it by following this tutorial:
<a href="./upgrade.netdata.html">Upgrade netdata</a>.</p>
<h3 id="fixed-incorrect-sql-column-name-in-fail2ban-script">Fixed: incorrect sql column name in Fail2ban script</h3>
<p>Run command below to download patched file.</p>
<pre><code>wget -O /usr/local/bin/fail2ban_banned_db \
    https://raw.githubusercontent.com/iredmail/iRedMail/1.7.2/samples/fail2ban/bin/fail2ban_banned_db
</code></pre>
<h3 id="fixed-not-serve-acme-challenge-over-http-directly">Fixed: Not serve ACME challenge over HTTP directly</h3>
<p>Let's Encrypt cert renewal may fail with error <code>Connection refused</code> if the
HTTP request is redirected to HTTPS.</p>
<ul>
<li>Replace <code>/etc/nginx/sites-available/00-default.conf</code> by content below:</li>
</ul>
<pre><code>#
# Note: This file must be loaded before other virtual host config files,
#
# HTTP
server {
    # Listen on ipv4
    listen 80;
    #listen [::]:80;

    server_name _;

    # Allow ACME challenge to be served over HTTP (don't redirect to HTTPS).
    location ~* ^/.well-known/acme-challenge/ {
        root /opt/www/well_known;
        try_files $uri =404;
        allow all;
    }

    # Redirect all insecure http requests to https.
    location / {
        return 301 https://$host$request_uri;
    }
}
</code></pre>
<ul>
<li>Create new directory <code>/opt/www/well_known</code>, set correct owner, group and
  permission, then restart Nginx service:</li>
</ul>
<pre><code>mkdir -p /opt/www/well_known
chown root:root /opt/www/well_known
chmod 0755 /opt/www/well_known
service nginx restart
</code></pre>
<p>Note: If you renew cert with <code>certbot</code> program and <code>--webroot</code> argument,
you must replace old directory in <code>/etc/letsencrypt/renewal/*.conf</code> by
<code>/opt/www/well_known</code> manaully. Also, to request new ssl cert with <code>--webroot</code>
argument, please specify <code>-w /opt/www/well_known</code> each time.</p>
<h2 id="for-openldap-backend">For OpenLDAP backend</h2>
<h3 id="update-ldap-schema-file">Update LDAP schema file</h3>
<p>New schema allows mail alias account to use 2 more attributes:
- <code>accessPolicy</code>,
- <code>listModerator</code>.</p>
<p>Download the latest iRedMail LDAP schema file:</p>
<ul>
<li>On RHEL/CentOS:</li>
</ul>
<pre><code>wget -O /tmp/iredmail.schema https://github.com/iredmail/iRedMail/raw/1.7.2/samples/iredmail/iredmail.schema
mv /etc/openldap/schema/iredmail.schema{,.bak}
cp -f /tmp/iredmail.schema /etc/openldap/schema/
service slapd restart
</code></pre>
<ul>
<li>On Debian/Ubuntu:</li>
</ul>
<pre><code>wget -O /tmp/iredmail.schema https://github.com/iredmail/iRedMail/raw/1.7.2/samples/iredmail/iredmail.schema
mv /etc/ldap/schema/iredmail.schema{,.bak}
cp -f /tmp/iredmail.schema /etc/ldap/schema/
service slapd restart
</code></pre>
<ul>
<li>On FreeBSD:</li>
</ul>
<pre><code>wget -O /tmp/iredmail.schema https://github.com/iredmail/iRedMail/raw/1.7.2/samples/iredmail/iredmail.schema
mv /usr/local/etc/openldap/schema/iredmail.schema{,.bak}
cp -f /tmp/iredmail.schema /usr/local/etc/openldap/schema/
service slapd restart
</code></pre>
<ul>
<li>On OpenBSD:</li>
</ul>
<pre><code>ftp -o /tmp/iredmail.schema https://github.com/iredmail/iRedMail/raw/1.7.2/samples/iredmail/iredmail.schema
mv /etc/openldap/schema/iredmail.schema{,.bak}
cp -f /tmp/iredmail.schema /etc/openldap/schema/
rcctl restart slapd
</code></pre>
<h3 id="fixed-incorrect-sql-table-name-in-sogo-config-file">Fixed: incorrect sql table name in SOGo config file</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>This's a bug introduced in iRedMail-1.7.1, this fix is applicable if your
server was deployed with iRedMail-1.7.1.</p>
</div>
<p>Fix incorrect sql table name in SOGo config file, rename the table in SQL
database, and restart SOGO service:</p>
<pre><code>perl -pi -e 's#PH_SOGO_DB_TABLE_ADMIN#sogo_admin#g' /etc/sogo/sogo.conf
mysql sogo -e &quot;RENAME TABLE PH_SOGO_DB_TABLE_ADMIN TO sogo_admin;&quot;
service sogo restart
</code></pre>
<h2 id="for-mariadb-backend">For MariaDB backend</h2>
<h3 id="fixed-not-detect-domain-status-while-querying-per-domain-bcc">Fixed: Not detect domain status while querying per-domain BCC</h3>
<ul>
<li>Open file <code>/etc/postfix/mysql/recipient_bcc_maps_domain.cf</code>, replace the <code>query =</code> line by below one:</li>
</ul>
<pre><code>query       = SELECT recipient_bcc_domain.bcc_address FROM recipient_bcc_domain, domain WHERE recipient_bcc_domain.domain='%d' AND recipient_bcc_domain.domain=domain.domain AND domain.active=1
</code></pre>
<ul>
<li>Open file <code>/etc/postfix/mysql/sender_bcc_maps_domain.cf</code>, replace the <code>query =</code> line by below one:</li>
</ul>
<pre><code>query       = SELECT sender_bcc_domain.bcc_address FROM sender_bcc_domain, domain WHERE sender_bcc_domain.domain='%d' AND sender_bcc_domain.domain=domain.domain AND domain.active=1
</code></pre>
<ul>
<li>Restart <code>postfix</code> service:</li>
</ul>
<pre><code>systemctl restart postfix
</code></pre>
<h3 id="fixed-incorrect-sql-table-name-in-sogo-config-file_1">Fixed: incorrect sql table name in SOGo config file</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>This's a bug introduced in iRedMail-1.7.1, this fix is applicable if your
server was deployed with iRedMail-1.7.1.</p>
</div>
<p>Fix incorrect sql table name in SOGo config file, rename the table in SQL
database, and restart SOGO service:</p>
<pre><code>perl -pi -e 's#PH_SOGO_DB_TABLE_ADMIN#sogo_admin#g' /etc/sogo/sogo.conf
mysql sogo -e &quot;RENAME TABLE PH_SOGO_DB_TABLE_ADMIN TO sogo_admin;&quot;
service sogo restart
</code></pre>
<h2 id="for-postgresql-backend">For PostgreSQL backend</h2>
<h3 id="fixed-not-detect-domain-status-while-querying-per-domain-bcc_1">Fixed: Not detect domain status while querying per-domain BCC</h3>
<ul>
<li>Open file <code>/etc/postfix/pgsql/recipient_bcc_maps_domain.cf</code>, replace the <code>query =</code> line by below one:</li>
</ul>
<pre><code>query       = SELECT recipient_bcc_domain.bcc_address FROM recipient_bcc_domain, domain WHERE recipient_bcc_domain.domain='%d' AND recipient_bcc_domain.domain=domain.domain AND domain.active=1
</code></pre>
<ul>
<li>Open file <code>/etc/postfix/pgsql/sender_bcc_maps_domain.cf</code>, replace the <code>query =</code> line by below one:</li>
</ul>
<pre><code>query       = SELECT sender_bcc_domain.bcc_address FROM sender_bcc_domain, domain WHERE sender_bcc_domain.domain='%d' AND sender_bcc_domain.domain=domain.domain AND domain.active=1
</code></pre>
<ul>
<li>Restart <code>postfix</code> service:</li>
</ul>
<pre><code>systemctl restart postfix
</code></pre>
<h3 id="fixed-incorrect-sql-table-name-in-sogo-config-file_2">Fixed: incorrect sql table name in SOGo config file</h3>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>This's a bug introduced in iRedMail-1.7.1, this fix is applicable if your
server was deployed with iRedMail-1.7.1.</p>
</div>
<p>Fix incorrect sql table name in SOGo config file:</p>
<pre><code>perl -pi -e 's#PH_SOGO_DB_TABLE_ADMIN#sogo_admin#g' /etc/sogo/sogo.conf
</code></pre>
<p>Switch to PostgreSQL daemon user, rename the table in SQL database, and restart SOGO service:</p>
<pre><code>su - postgres
psql -d sogo -c &quot;ALTER TABLE PH_SOGO_DB_TABLE_ADMIN RENAME TO sogo_admin;&quot;
service sogo restart
</code></pre><div class="footer">
    <p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>